Information about configuring DataStax Enterprise, including using virtual nodes; setting up security; storing
and accessing data exclusively from memory; setting up distributed data replication from remote clusters;
running multiple DataStax Enterprise nodes on a single host machine, and automating the movement of data
across different types of storage media.

The log format is a simple set of pipe-delimited name/value pairs. A name/value pair, or field, is only included in the
log line if a value exists for that particular event.

Formats of DataStax Enterprise logs

The log format is a simple set of pipe-delimited name/value pairs. A name/value pair, or
field, is only included in the log line if a value exists for that particular event.

The log format is a simple set of pipe-delimited name/value pairs. The pairs themselves are
separated by the pipe symbol ("|"), and the name and value portions of each pair are separated
by a colon. A name/value pair, or field, is only included in the log line when a value exists
for that particular event. Some fields always have a value, and are always present. Others
might not be relevant for a given operation. To make parsing with automated tools easier, the
order in which fields appear (when present) in the log line is predictable. For example, the
text of CQL statements is unquoted, but if present, is always the last field in the log
line.

Field Label

Field Value

Optional

host

dse node address

no

source

client address

no

user

authenticated user

no

timestamp

system time of log event

no

category

DML/DDL/QUERY for example

no

type

API level operation

no

batch

batch id

yes

ks

keyspace

yes

cf

column family

yes

operation

textual description

yes

The textual description value for the operation field label is currently only present for
CQL.

Auditing is completely separate from authorization, although the data points logged include the
client address and authenticated user, which may be a generic user if the default
authenticator is not overridden. Logging of requests can be activated for any or all of the
list of categories described in Enabling data auditing in DataStax Enterprise.

CQL logging examples

Generally, SELECT queries are placed into the QUERY category. The INSERT, UPDATE, and DELETE
statements are categorized as DML. CQL statements that affect schema, such as CREATE KEYSPACE
and DROP KEYSPACE are categorized as DDL.

Batch updates

Batch updates, whether received via a Thrift batch_mutate call, or in CQL BEGIN
BATCH....APPLY BATCH block, are logged in the following way: A UUID is generated for
the batch, then each individual operation is reported separately, with an extra field containing
the batch id.

Information about configuring DataStax Enterprise, including using virtual nodes; setting up security; storing
and accessing data exclusively from memory; setting up distributed data replication from remote clusters;
running multiple DataStax Enterprise nodes on a single host machine, and automating the movement of data
across different types of storage media.

DataStax is a registered trademark of DataStax, Inc. and its subsidiaries in the United States and/or other countries.

Apache Cassandra, Apache, Tomcat, Lucene, Solr, Hadoop, Spark, TinkerPop, and Cassandra are trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.